diff options
| -rw-r--r-- | debian/changelog | 3 | ||||
| -rw-r--r-- | doc/TODO | 15 | ||||
| -rw-r--r-- | doc/george/changelog | 11 | ||||
| -rw-r--r-- | man/man8/monkeysphere-server.8 | 22 | ||||
| -rw-r--r-- | src/common | 28 | ||||
| -rwxr-xr-x | src/monkeysphere | 20 | ||||
| -rwxr-xr-x | src/monkeysphere-server | 57 | ||||
| -rwxr-xr-x | src/seckey2sshagent | 36 |
8 files changed, 148 insertions, 44 deletions
diff --git a/debian/changelog b/debian/changelog index 2133d2d..cec0988 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,8 +11,9 @@ monkeysphere (0.2-1) UNRELEASED; urgency=low weren't useful enough to be worth maintaining. * Better handling of unknown users in server update-users * Add file locking when modifying known_hosts or authorized_keys + * Better failure/prompting for gen-subkey - -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Fri, 20 Jun 2008 00:43:44 -0400 + -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Sat, 21 Jun 2008 16:39:26 -0400 monkeysphere (0.1-1) experimental; urgency=low @@ -107,3 +107,18 @@ Update monkeysphere-ssh-proxycommand man page with new keyserver Update monkeysphere-ssh-proxycommand man page with info about no-connect option. + +File bug against seahorse about how, when creating new primary keys, + it presents option for "RSA (sign only)" but then creates an "esca" + key. + +File bug against enigmail about lack of ability to create subkeys. + +Priviledge separation: monkeysphere user to handle authn keyring and + generate authorized_keys file (which would be moved into place by + root). Host keyring would be owned by root. + +Check permissions of authorized_user_ids file to be writable only by + user and root (same as authorized_keys) + +Improve function that sets owner trust for keys in server keychain. diff --git a/doc/george/changelog b/doc/george/changelog index 23ff007..aefbf7f 100644 --- a/doc/george/changelog +++ b/doc/george/changelog @@ -10,6 +10,17 @@ 2008-06-22 - dkg * installed screen (mjgoins and i were collaborating) +2008-06-21 - micah + * Restored /etc/init.d/ssh to original package state and changed + /etc/default/ssh to have 'unset SSHD_OOM_ADJUST' instead. + +2008-06-20 - micah + * Commented out the 'export SSHD_OOM_ADJUST=-17' from the + /etc/init.d/ssh initscript, and the 'SSHD_OOM_ADJUST=-17' from + /etc/default/ssh in order to make this error go away: + "error writing /proc/self/oom_adj: Operation not permitted" + (c.f. Debian #487325) + 2008-06-20 - dkg * touched /etc/environment to get rid of some spurious auth.log entries. diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index 3073adc..2b5af5e 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 @@ -51,6 +51,25 @@ in place of `trust-keys'. Output a brief usage summary. `h' or `?' may be used in place of `help'. +.SH SETUP + +In order to start using the monkeysphere, there are a couple of things +you need to do first. The first is to generate an OpenPGP key for the +server and convert that key to an ssh key that can be used by ssh for +host authentication. To do this, run the "gen-key" subcommand. Once +that is done, publish the key to a keyserver with "publish-key" +subcommand. Finally, you need to modify the sshd_config to tell sshd +where the new server host key: + +HostKey /etc/monkeysphere/ssh_host_rsa_key + +If the server will also handle user authentication through +monkeysphere-generated authorized_keys files, set the following: + +AuthorizedKeysFile /var/cache/monkeysphere/authorized_keys/%u + +Once those changes are made, restart the ssh server. + .SH FILES .TP @@ -63,6 +82,9 @@ System-wide monkeysphere config file. /etc/monkeysphere/gnupg Monkeysphere GNUPG home directory. .TP +/etc/monkeysphere/ssh_host_rsa_key +Copy of the host's private key in ssh format, suitable for use by sshd. +.TP /etc/monkeysphere/authorized_user_ids/USER Server maintained authorized_user_ids files for users. .TP @@ -103,8 +103,9 @@ translate_ssh_variables() { # get the user's home directory userHome=$(getent passwd "$uname" | cut -d: -f6) - # translate ssh-style path variables + # translate '%u' to user name path=${path/\%u/"$uname"} + # translate '%h' to user home directory path=${path/\%h/"$userHome"} echo "$path" @@ -123,6 +124,17 @@ gpg2ssh() { gpg --export "$keyID" | openpgp2ssh "$keyID" 2> /dev/null } +# output the ssh key for a given secret key ID +gpgsecret2ssh() { + local keyID + + #keyID="$1" #TMP + # only use last 16 characters until openpgp2ssh can take all 40 #TMP + keyID=$(echo "$1" | cut -c 25-) #TMP + + gpg --export-secret-key "$keyID" | openpgp2ssh "$keyID" 2> /dev/null +} + # output known_hosts line from ssh key ssh2known_hosts() { local host @@ -206,8 +218,8 @@ get_key_fingerprint() { keyID="$1" gpg --list-key --with-colons --fixed-list-mode \ - --with-fingerprint "$keyID" | grep "$keyID" | \ - grep '^fpr:' | cut -d: -f10 + --with-fingerprint --with-fingerprint "$keyID" | \ + grep '^fpr:' | grep "$keyID" | cut -d: -f10 } ######################################################################## @@ -522,8 +534,7 @@ process_authorized_keys() { trust_key() { # get the key from the key server if ! gpg --keyserver "$KEYSERVER" --recv-key "$keyID" ; then - log "could not retrieve key '$keyID'" - return 1 + failure "Could not retrieve key '$keyID'." fi # get key fingerprint @@ -537,9 +548,9 @@ trust_key() { # import "full" trust for fingerprint into gpg echo ${fingerprint}:5: | gpg --import-ownertrust if [ $? = 0 ] ; then - log "owner trust updated." + log "Owner trust updated." else - failure "there was a problem changing owner trust." + failure "There was a problem changing owner trust." fi } @@ -555,7 +566,6 @@ publish_server_key() { # dummy command so as not to publish fakes keys during testing # eventually: #gpg --keyserver "$KEYSERVER" --send-keys $(hostname -f) - echo "NOT PUBLISHED (to avoid permanent publication errors during monkeysphere development). + failure "NOT PUBLISHED (to avoid permanent publication errors during monkeysphere development). To publish manually, do: gpg --keyserver $KEYSERVER --send-keys $(hostname -f)" - return 1 } diff --git a/src/monkeysphere b/src/monkeysphere index 58f0fdc..9b315e2 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -54,14 +54,30 @@ gen_subkey(){ gpgOut=$(gpg --quiet --fixed-list-mode --list-keys --with-colons \ "$keyID" 2> /dev/null) - # return 1 if there only "tru" lines are output from gpg + # fail if there only "tru" lines are output from gpg, which + # indicates the key was not found. if [ -z "$(echo "$gpgOut" | grep -v '^tru:')" ] ; then failure "Key ID '$keyID' not found." fi + # fail if multiple pub lines are returned, which means the id given + # is not unique + if [ $(echo "$gpgOut" | grep '^pub:' | wc -l) -gt '1' ] ; then + failure "Key ID '$keyID' is not unique." + fi + + # prompt if an authentication subkey already exists + if echo "$gpgOut" | egrep "^(pub|sub):" | cut -d: -f 12 | grep -q a ; then + echo "An authentication subkey already exists for key '$keyID'." + read -p "Are you sure you would like to generate another one? [y|N]: " OK; OK=${OK:N} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "aborting." + fi + fi + # set subkey defaults SUBKEY_TYPE=${SUBKEY_TYPE:-"RSA"} - #SUBKEY_LENGTH=${SUBKEY_LENGTH:-"2048"} + SUBKEY_LENGTH=${SUBKEY_LENGTH:-} SUBKEY_USAGE=${SUBKEY_USAGE:-"auth"} SUBKEY_EXPIRE=${SUBKEY_EXPIRE:-"0"} cat <<EOF diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 693c062..40a6b54 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -46,11 +46,18 @@ gen_key() { local hostName hostName=${1:-$(hostname --fqdn)} + service=${SERVICE:-"ssh"} + userID="${service}://${hostName}" + + if gpg --list-key ="$userID" > /dev/null 2>&1 ; then + failure "Key for '$userID' already exists" + fi # set key defaults KEY_TYPE=${KEY_TYPE:-"RSA"} KEY_LENGTH=${KEY_LENGTH:-"2048"} KEY_USAGE=${KEY_USAGE:-"auth"} + KEY_EXPIRE=${KEY_EXPIRE:-"0"} cat <<EOF Please specify how long the key should be valid. 0 = key does not expire @@ -59,25 +66,22 @@ Please specify how long the key should be valid. <n>m = key expires in n months <n>y = key expires in n years EOF - read -p "Key is valid for? ($EXPIRE) " EXPIRE; EXPIRE=${EXPIRE:-"0"} - - SERVICE=${SERVICE:-"ssh"} - USERID=${USERID:-"$SERVICE"://"$hostName"} + read -p "Key is valid for? ($KEY_EXPIRE) " KEY_EXPIRE; KEY_EXPIRE=${KEY_EXPIRE:-"0"} # set key parameters keyParameters=$(cat <<EOF Key-Type: $KEY_TYPE Key-Length: $KEY_LENGTH Key-Usage: $KEY_USAGE -Name-Real: $USERID -Expire-Date: $EXPIRE +Name-Real: $userID +Expire-Date: $KEY_EXPIRE EOF ) # add the revoker field if requested -# FIXME: the 1: below assumes that $REVOKER's key is an RSA key. why? -# FIXME: why is this marked "sensitive"? how will this signature ever -# be transmitted to the expected revoker? + # FIXME: the "1:" below assumes that $REVOKER's key is an RSA key. why? + # FIXME: why is this marked "sensitive"? how will this signature ever + # be transmitted to the expected revoker? if [ "$REVOKER" ] ; then keyParameters="${keyParameters}"$(cat <<EOF @@ -89,15 +93,11 @@ EOF echo "The following key parameters will be used:" echo "$keyParameters" - read -p "generate key? [Y|n]: " OK; OK=${OK:=Y} + read -p "Generate key? [Y|n]: " OK; OK=${OK:=Y} if [ ${OK/y/Y} != 'Y' ] ; then failure "aborting." fi - if gpg --list-key ="$USERID" > /dev/null 2>&1 ; then - failure "key for '$USERID' already exists" - fi - # add commit command keyParameters="${keyParameters}"$(cat <<EOF @@ -106,14 +106,33 @@ EOF EOF ) - log -n "generating server key... " + log "generating server key... " echo "$keyParameters" | gpg --batch --gen-key - loge "done." - fingerprint_server_key + + # output the server fingerprint + fingerprint_server_key "=${userID}" + + # find the key fingerprint of the server primary key + keyID=$(gpg --list-key --with-colons --with-fingerprint "=${userID}" | \ + grep '^fpr:' | head -1 | cut -d: -f10) + + # write the key to the file + # NOTE: assumes that the primary key is the proper key to use + (umask 077 && gpgsecret2ssh "$keyID" > "${MS_HOME}/ssh_host_rsa_key") + log "Private SSH host key output to file: ${MS_HOME}/ssh_host_rsa_key" } +# gpg output key fingerprint fingerprint_server_key() { - gpg --fingerprint --list-secret-keys =ssh://$(hostname --fqdn) + local ID + + if [ -z "$1" ] ; then + ID="$1" + else + ID="=ssh://$(hostname --fqdn)" + fi + + gpg --fingerprint --list-secret-keys "$ID" } ######################################################################## @@ -214,7 +233,7 @@ case $COMMAND in ;; 'show-fingerprint'|'f') - fingerprint_server_key + fingerprint_server_key "$@" ;; 'publish-key'|'p') diff --git a/src/seckey2sshagent b/src/seckey2sshagent index 4d08c66..1266db5 100755 --- a/src/seckey2sshagent +++ b/src/seckey2sshagent @@ -16,27 +16,37 @@ cleanup() { - echo -n "removing temp gpg home... " + echo -n "removing temp gpg home... " 1>&2 rm -rf $FOO - echo "done." + echo "done." 1>&2 } trap cleanup EXIT -GPGID="$1" - -idchars=$(echo $GPGID | wc -m) -if [ "$idchars" -ne 17 ] ; then - echo "GPGID is not 16 characters ($idchars)." - exit 1 -fi +#GPGID="$1" +GPGID=$(echo "$1" | cut -c 25-) FOO=$(mktemp -d) -gpg --export-secret-key --export-options export-reset-subkey-passwd $GPGID | GNUPGHOME=$FOO gpg --import +gpg --export-secret-key $GPGID | GNUPGHOME="$FOO" gpg --import + +# idea to script the password stuff. not working. +# read -s -p "enter gpg password: " PASSWD; echo +# cmd=$(cat <<EOF +# passwd +# $PASSWD +# \n +# \n +# \n +# yes +# save +# EOF +# ) +# echo -e "$cmd" | GNUPGHOME="$FOO" gpg --command-fd 0 --edit-key $GPGID -GNUPGHOME=$FOO gpg --edit-key $GPGID +GNUPGHOME="$FOO" gpg --edit-key $GPGID -ln -s /dev/stdin $FOO/monkeysphere-key +ln -s /dev/stdin "$FOO"/openpgp -GNUPGHOME=$FOO gpg --export-secret-key $GPGID | openpgp2ssh $GPGID | (cd $FOO && ssh-add -c monkeysphere-key) +GNUPGHOME="$FOO" gpg --export-secret-key $GPGID | \ + openpgp2ssh $GPGID | ssh-add -c "$FOO"/openpgp |